so if the software is in the provider's name...THEY need a BAA with the software and WE need a BAA with the provider only, even if we use their software, correct?

Basically yes.. If you will be utilizing their system you will want to adhere to their compliance plan and be SURE your login credentials meet HIPAA requirements. You won't need to have a BAA with the vendor/clearinghouse, that would be between the provider and the vendor/clearinghouse. IT Is just critical that you adhere to compliance procedures in dealing with login/access.

Outside of the software and overall you will want to have a BAA with your provider. There are some billing companies that can be classified as covered entities but most are BAA's.

I use Metrofax and will be signing a BAA with them, as that is how I receive PHI. Do my providers have to sign a BAA with my Metrofax account as well because THEIR patient's PHI is being transmitted that way?

I really could not tell you because I always require original signatures on all my contracts/agreements. No digital signing or fax signing. Just my own cover my ass procedure. You will want to cover your use of Metrofax in your BAA with the provider, they should be made aware of the relationship and BAA.